TMCnet - World's Largest Communications and Technology Community



| More

TMCNet:  Windows 8 Sync Settings - Security Hole

[February 15, 2013]

Windows 8 Sync Settings - Security Hole

Originally posted on VoIP & Gadgets Blog, here:

Windows 8 has a cool new feature that lets you login with your cloud-based Microsoft account (,, and it will synchronize your settings between Windows 8 PCs, but with a "security catch". We'll get into that in a moment. First, here's a list of features and settings that you can sync:

  • Personalize - Colors, background, lock screen, and your account picture
  • Desktop personalization - Themes, taskbar, high contrast, and more
  • Passwords - sign-in info for some apps, websites, networks, and HomeGroup
  • Ease of Access - Settings for Narrator, Magnifier, and more
  • Language preferences - Keyboards, other input methods, display language, and more
  • App settings - Certain settings in your apps, but not all
  • Browser settings - Internet Explorer history and bookmarks/favorites
  • Other Windows settings - Windows Explorer, mouse settings, and more
  • Sign-in info - For some apps, websites, networks, and HomeGroup
Looking at this list, you'd probably be just as excited as me. If you have a Windows 8 tablet and a Windows 8 PC, now you can easily view the recent websites you viewed in either due to the  "shared" History. That feature has already come in handy for me several times. I also like how I can have a picture of my family, dog, or my favorite picture on the lockscreen of all my devices. I set it one one device and it automatically syncs it to the others. Easy peasy!

But here's the problem. You must use a Microsoft cloud-based account for sync settings to work and you cannot use a local account. Why is this bad Well, suppose Hotmail gets hacked and the hackers gain access to your Microsoft account credentials. Now, not only can they access your email, but they can Remote Desktop to your home PC and access every photo, every video, every confidential financial file - everything. Your entire digital life is laid bare.

Now you could argue that the hackers would have to know your IP address in order to login (via Remote Desktop) using your stolen Microsoft account credentials. Fair enough. But who's to say Microsoft doesn't store the last IP address used when you logged in Let's go a bit deeper. What's to stop a Microsoft employee from logging into your home PC and seeing you have a pirated copy of Microsoft Office along with thousands of pirated movies What's to stop a Microsoft employee from logging into their ex-boyfriend's/ex-girlfriend's PC for nefarious purposes

The only workarounds to this major "potential" security hole are:
  • Disable Remote Desktop (not feasible for many users, since it's so useful)
  • Change the Default Port for Remote Desktop from 3389. Though this will only slow a determined hacker or Microsoft employee
  • Switch to VNC remote desktop sharing program (& disable Remote Desktop)
  • Switch to a local account (Unfortunately, you lose the benefits of 'synching' across your Windows 8 devices) smiley-cry
Now here is where it gets interesting. I have two Windows 8 PCs joined to a corporate domain, one Windows 8 tablet joined to a corporate domain, and one home Windows 8 PC not part of a domain. For all of my domain-joined Windows 8 PCs (& tablet), I am not required to use a Microsoft account. I can simply "link" my domain account with my Microsoft account, but continue to use my domain credentials to authenticate / log-in to my PC either locally or via Remote Desktop when remote. Here's a screenshot showing how my domain account can be linked with my Microsoft hotmail account (blurred for privacy):

Continue reading Windows 8 Sync Settings - Security Hole...

Tags: , , , , , , , , Related tags: , , , , ,

Related Entries
  • New Hotmail/Outlook Sucks on iOS & Android & Why That's Good for Microsoft - Jul 31, 2012
  • It's the Tablet Size Niches! - Feb 07, 2013
  • Telefonica Looking for Channel Partners to Crack U.S. Market - Jan 31, 2013
  • Windows 8 Tablets Will Beat Apple & Android - Dec 05, 2012
  • Voxbone Global DID Numbers Come to Aculab Cloud Platform - Nov 13, 2012
  • How to Setup a Wi-Fi HotSpot in Windows 8 - Oct 31, 2012
  • Skype for Windows 8 Launches Simultaneously with Windows 8 & Microsoft Surface - Oct 22, 2012
  • ITEXPO West 2012 Videos - Oct 04, 2012
  • Windows 8 & Windows 8 RT Metro/Modern UI Lync App Coming Soon - Sep 21, 2012
  • Windows 7 Ultimate Upgrade to Windows 8 Problem Solved! - Sep 20, 2012
  • TrackBacks | Comments | Tag with | VoIP & Gadgets Blog Home | Permalink: Windows 8 Sync Settings - Security Hole

    [ Back To Skype News 's Homepage ]


    Technology Marketing Corporation

    35 Nutmeg Drive Suite 340, Trumbull, Connecticut 06611 USA
    Ph: 800-243-6002, 203-852-6800
    Fx: 203-866-3326

    General comments:
    Comments about this site:


    © 2018 Technology Marketing Corporation. All rights reserved | Privacy Policy